User Guide Getting Started Help Center Documentation Community Training
Looker Outbound Port Requirements

By default, Looker tries to connect to specific outbound ports to support various features. Blocking or disabling these connections may prevent full use of the Looker application. To learn more about what tools and services Looker uses and what their outbound port requirements are, see the table below.

In addition to those listed on this page, Looker needs ports opened to communicate with your databases. You may also need to open additional ports if you have migrated your internal configuration to a MySQL database or if you have clustered Looker (so the cluster nodes can communicate with each other).

Service Purpose Port Requirement
Licensing data* A Looker service that gathers information about how the service is being used to ensure that usage is in compliance with the customer’s licensing terms. This information includes metadata about users, roles, database connections, server settings, features used, API usage, and version.
Product usage A Looker service (Pinger) that gathers pseudonymized usage data about how users are using the Looker product and how well it is performing. This data is analyzed and used to improve the Looker product. Administrators can disable this service for their instance by contacting Support.
Configuration backups* A Looker service (Amazon S3 for Looker-hosted deployments) that encrypts backups of Looker system’s configuration, which includes saved Looks, query history, encrypted user and database credentials, and Looker user settings. For redundancy, configuration backups are stored in multiple third-party systems. * for Amazon S3 (if using a Looker-hosted deployment)
System error reports* A Looker service that transmits runtime exceptions to Looker internal systems in order for Looker technicians to diagnose issues with the product. These messages are first sent as HTTPS requests, but will fail-over to email via a customer’s Looker’s SMTP settings if necessary.
Actions* You can use actions to deliver content to third-party services integrated with Looker via an action hub server. Any data your users send using an action will be processed temporarily on Looker’s action server (known as the Action Hub) rather than in your Looker instance. (if using Looker-hosted Action Hub)
Email notifications A third-party service (SendGrid) that transmits emails from and in order to provide new account welcome emails, forgotten password reset links, and scheduled data delivery for Looker users. If you prefer, you can alter this configuration to use your own SMTP integration instead. on port 587
LookML storage A third-party service (GitHub) that allows for the development and storage of a customer’s LookML code. If you prefer, you can alter this configuration to use your own Git integration instead. * (ssh)
In-app guides and in-product messaging A third-party service (Pendo) that delivers personalized messages to users to help them more easily use the Looker product. This service collects basic pseudonymized usage data in order to personalize messages and guides. Administrators can disable this service for their instance. * and * (from users’ browsers)
Support tickets* A third-party service (Zendesk) that provides an embedded chat client in order to facilitate product support. * and * on ports 80 and 443 (from users’ browsers)
Support access A Looker service that allows Looker technicians to troubleshoot problems by permitting authentication into a customer’s Looker application. This access is limited to Support use cases and can be disabled when not needed by customers. <lookername> and

* In-Product (cloud-based) Services

Learn more about Looker’s product security and privacy policy.

Next Step

After you have ensured that Looker can access necessary services, you’re ready to enable secure database access.